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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
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earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 26 January 2006 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1, 453 O.G. 21 3. 
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4) I3 Claim(s) 1-36 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-36 is/are rejected. 
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Application Papers 

9) D The specification is objected to by the Examiner. 
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DETAILED ACTION 
Response to Amendment 
Applicant's arguments with respect to previously presented claims 2-12, 14-20, 29, & 32- 
36 and currently amended claims 1, 13, 21-28, & 30-31 filed 1/26/2006 have been fully 
considered but they are not persuasive. The Examiner would like to point out that this action is 
made final (See MPEP 706.07a). 

Previous claim objections with regards to claims 1, 13, 21, and 31 have been withdrawn. 

Terminal Disclaimer 

The terminal disclaimer filed on 1/26/2006 disclaiming the terminal portion of any patent 
granted on this application which would extend beyond the expiration date of any patent granted 
on Application Number 10/086,147 has been reviewed and is accepted. The terminal disclaimer 
has been recorded. 

Response to Arguments 
With regard to the amendments made to traverse the 35 USC 101 rejections applied to 
claims 21-25, 27, and 28, Examiner maintains the 35 USC 101 rejections made in the previous 
office action. Merely adding the term "computer-readable" in front of control program does not 
suggest that this program is definitely tied to an article of manufacture which would result in a 
practical application producing a concrete, useful, and tangible result (on a computer in this case) 
to form the basis of statutory subject matter under 35 USC 101 . 
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Applicants contend that Houvener et al. does not teach or suggest a "portable storage 
device comprising storage, the storage configured to store a network identity for the processing 
unit," Examiner respectfully disagrees. Houvener et al. teach various methods of storing a 
network id in order to validate a terminal and allow that terminal to gain access to private 
information (par. 33, lines 18-25). Houvener et al. further teach that this network id may be 
stored on a hardware token based on the terminal's MAC address (par. 33, lines 29-37). Yet 
further, Houvener et al. teach that any mechanism which allows for a specific terminal 
identification may be utilized whether implemented via hardware or software (par. 33, lines 33- 
43). Taking this in combination with Sehr's teachings, the network id would be stored on the 
portable storage device (as disclosed by Sehr) in order to result in the advantage of validating the 
terminal using a network id in order to verify that only those terminals that should gain access to 
the private data are validated, as suggested by Houvener et al. in par. 33, lines 18-25. 

In response to applicant's argument that the examiner's conclusion of obviousness is 
based upon improper hindsight reasoning, it must be recognized that any judgment on 
obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so 
long as it takes into account only knowledge which was within the level of ordinary skill at the 
time the claimed invention was made, and does not include knowledge gleaned only from the 
applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 
170USPQ 209(CCPA 1971). 

In response to applicant's argument that there is no suggestion to combine the references, 
the examiner recognizes that obviousness can only be established by combining or modifying the 
teachings of the prior art to produce the claimed invention where there is some teaching, 
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suggestion, or motivation to do so found either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 
USPQ2d 1596 (Fed. Cir. 1988)and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). 
In this case, Houvener et al. teach that terminal validation is very important to ensure that only 
those terminals authorized to gain access to private information do so (par. 33, lines 18-25). 

Due to the reasons stated above, the Examiner maintains rejections with respect to 
previously presented claims 2-12, 14-20, 29, & 32-36 and currently amended claims 1, 13, 21- 
28, & 30-3 1 . Sehr teaches the limitations that the Applicant suggests distinguish from the prior 
art. Furthermore, Houvener et al. in combination with Sehr teach the limitations not explicitly 
disclosed by Sehr. Therefore, it is the Examiner's conclusion that previously presented claims 2- 
12, 14-20, 29, & 32-36 and currently amended claims 1, 13, 21-28, & 30-31 are not patentably 
distinct or non-obvious over the prior art of record as presented. 

Claim Rejections - 35 USC § 101 

I. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

II. Claims 21- 25 and 27-28 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter, as they do not fall under any of the statutory classes of 
inventions. The language in the claims raise an issue because the claims are directed merely to 
an abstract idea that is not tied to an article of manufacture which would result in a practical 
application producing a concrete, useful, and tangible result to form the basis of statutory subject 
matter under 35 U.S.C. 101. 
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Claim Rejections - 35 USC §103 

» 

III. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

IV. Claims 1-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sehr, US 
Patent No. 6,085,976 and further in view of Houvener et al., US Pub. No. 2002/0138351. 
As per claims 1 and 31: 

Sehr substantially teaches a portable storage device for a processing unit that is 
connectable to a data communications network and includes a device reader for reading the 
portable storage device, the portable storage device comprising storage containing an access 
controller, the storage holding at least one encryption key, and the access controller being 
operable to control access to the storage by implementing key-key encryption (col. 18, lines 1- 
36). 

Not explicitly disclosed is the portable storage device containing network identification 
information or the storage holding a network identity for the processing unit. However, 
Houvener et al. teach a hardware token holding a MAC address in order to allow for device 
identification. Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Sehr to also store network identification 
information for the processing unit on the storage. This modification would have been obvious 
because a person having ordinary skill in the art, at the time the invention was made, would have 
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been motivated to do so since Houvener et al. suggest that terminal validation is very important 
to ensure that only those terminals authorized to gain access to private information do so in par. 
33, lines 18-25 and par. 33, lines 29-43. 
As per claims 2 and 32: 

Sehr and Houvener et al. substantially teach the portable storage device of claims 1 and 

3 1 . Furthermore, Sehr teaches the portable storage device comprising at least one secure storage 
portion accessible only under the control of the access controller (col. 18, lines 1-7 and 33-36). 
As per claims 3 and 33: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2 and 

32. Furthermore, Sehr teaches the portable storage device wherein said at least one encryption 
key is held in said secure storage portion (col. 18, lines 1-7 and 33-36). 

As per claims 4 and 34: 

Sehr and Houvener et al. substantially teach the portable storage device of claims 2 and 
32. Furthermore, Sehr teaches the portable storage device wherein at least one network security 
encryption key is held in said secure storage portion (col. 19, lines 3-33). 
As per claim 5: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2. 
Furthermore, Sehr teaches wherein a file is configured in said secure storage portion (col. 2, lines 
27-40). 

As per claim 6: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2. 
Furthermore, Sehr teaches wherein one or more files, containing information are configured in 
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respective secure storage portions (col. 7, lines 25-39). 
As per claim 7 and 35: 

Sehr and Houvener et al. substantially teach the portable storage device of claims 2 and 
3 1 . Not explicitly disclosed is wherein the access controller is operable to perform key-key 
verification of a request encrypted by a request key supplied from the processing unit and, in 
response to the request key verifying correctly, to return to the processing unit an access key 
derived from said at least one encryption key to permit access to the secure storage portion. 
However, Sehr teaches that particular card data is protected with encryption so that only the 
entity intended to receive the data does so. Furthermore, Sehr teaches that the key is used to 
encrypt a payment form that is sent to the cardholder who can only use the form by decrypting it 
with the correct key, thereby allowing access to the payment information held in the card in 
order to clear the payment. 

Therefore, it would have been obvious to a person in the art at the time the invention was 
made to modify the method disclosed in Sehr for the access controller is operable to perform 
key-key verification of a request encrypted by a request key supplied from the processing unit 
and, in response to the request key verifying correctly, to return to the processing unit an access 
key derived from said at least one encryption key to permit access to the secure storage portion. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since Sehr suggests that 
using a key to authorize/allow access to various data results in a. stronger means of authentication 
in col. 17, lines 50-67. 
As per claim 8: 
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Sehr and Houvener et al. substantially teach the portable storage device of claim 7. 
Furthermore, Sehr teaches wherein the access controller is subsequently operable to respond to a 
command from the processing unit that is encrypted using the access key to access the secure 
storage portion (col. 17, lines 50-67). 
As per claim 9: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 2. Not 
explicitly disclosed is wherein the storage in the portable storage device comprises random 
access memory, the secure storage comprising a part of the random access memory. 
Furthermore, Houvener et al. teach that the hardware token contains memory and also teaches 
that modifications can be made to the specific elements used. However, Sehr et al. teach that 
there are numerous possible configurations; Therefore, it would have been obvious to a person 
in the art at the time the invention was made to modify the method disclosed in Sehr for the 
storage in the portable storage device to comprise RAM. This modification would have been , 
obvious because a person having ordinary skill in the art, at the time the invention was made, 
would have been motivated to do so since Sehr suggests that various configurations are possible 
in order for this system to work in a secure manner in col. 16, lines 1-19. 
As per claim 10: 

Sehr and Houvener et al. substantially teach the portable storage device of claim 1. Not 
explicitly disclosed is wherein the access controller is a programmed microcontroller. However, 
Sehr teaches that the information put on the card is configurable. Therefore, it would have been 
obvious to a person in the art at the time the invention was made to modify the method disclosed 
in Sehr for the access controller to be a programmed microcontroller. This modification would 
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have been obvious because a person having ordinary skill in the art, at the time the invention was 
made, would have been motivated to do so since Sehr suggests that various configurations are 
possible in order for this system to work in a secure manner in col. 16, lines 1-19. 
As per claim 1 1 : 

Sehr and Houvener et al. substantially teach the portable storage device of claim 1. 
Furthermore, Houvener et al. teach wherein the portable storage device is a smart card (par. 29). 
As per claim 12: 

Sehr and Houvener et al. substantially teach the processing unit of claim 1 . Furthermore, 
Houvener et al. teach wherein the network identity comprises a MAC address (par. 33, lines 29- 
43). 

As per claims 13, 21, 29, and 30: 

Sehr substantially teaches a processing unit, a control program for a processing unit, a 
microcontroller, and a server computer connectable to a data communications network, having a 
device reader for reading the portable storage device, the portable storage device comprising 
storage containing an access controller, the storage holding at least one encryption key, and the 
access controller being, operable to control access to the storage by implementing key-key 
encryption (col. 18, lines 1-36). 

Not explicitly disclosed is the portable storage device containing network identification 
information or the storage holding a network identity for the processing unit. However, 
Houvener et al. teach a hardware token holding a MAC address in order to allow for device 
identification. Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Sehr to also store network identification 
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information for the processing unit on the storage. This modification would have been obvious 
because a person having ordinary skill in the art, at the time the invention was made, would have 
been motivated to do so since Houvener et al. suggest that terminal validation is very important 
to ensure that only those terminals authorized to gain access to private information do so in par. 
33, lines 18-25 and par. 33, lines 29-43. 

Also not explicitly disclosed is it being operable to access a secure portion of the storage 
of the portable storage device by supplying a key-encrypted request to the access controller, and, 
in response to receipt of an access key from the access controller, being operable to send an 
encrypted command to access the content of the storage of the portable storage device. 
However, Sehr teaches that particular card data is protected with encryption so that only the 
entity intended to receive the data does so. Furthermore, Sehr teaches that the key is used to 
encrypt a payment form that is sent to the cardholder who can only use the form by decrypting it 
with the correct key, thereby allowing access to the payment information held in the card in 
order to clear the payment. Therefore, it would have been obvious to a person in the art at the 
time the invention was made to modify the method disclosed in Sehr for it to be operable to 
access a secure portion of the storage of the portable storage device by supplying a key- 
encrypted request to the access controller, and, in response to receipt of an access key from the 
access controller, being operable to send an encrypted command to access the content of the 
storage of the portable storage device. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since Sehr suggests that using a key to authorize/allow access to various data 
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results in a stronger means of authentication in col. 17, lines 50-67. 
As per claims 14 and 22: 

Sehr and Houvener et al. substantially teach claims 13 and 21. Furthermore, Sehr teaches 
wherein, in response to the return of an access key, the processing unit is operable to use the 
access key to encrypt a command for access to a secure storage in the portable storage device 
(col. 17, lines 50-67). 
As per claims 15 and 23: 

Sehr and Houvener et al. substantially teach claims 13 and 21. Furthermore, Houvener et 
al, teach wherein the portable storage device is a smart card and the device reader is a smart card 
reader (par. 29). Not explicitly disclosed is wherein the access controller is a microcontroller. 
However, Sehr teaches that the information put on the card is configurable. Therefore, it would 
have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Sehr for the access controller to be a programmed microcontroller. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Sehr suggests that 
various configurations are possible in order for this system to work in a secure manner in col. 16, 
lines 1-19. 

As per claims 16, 24, and 36: 

Sehr and Houvener et al. substantially teach claims 13,21, and 3 1 . Furthermore, 
Houvener et al. teach wherein the network identity comprises a MAC address (par. 33, lines 29- 
43). 

As per claims 17, 25, and 27: 
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Sehr and Houvener et al. substantially teach claims 13 and 21. Furthermore, Sehr teaches 
a service processor, the service processor being programmed to control reading of the portable 
storage device (col. 3, lines 57-67). 
As per claims 18 and 28: 

Sehr and Houvener et al. substantially teach claims 17 and 27. Not explicitly disclosed is 
wherein the service processor is a microcontroller. However, Sehr teaches that the information 
put on the card is configurable. Therefore, it would have been obvious to a person in the art at 
the time the invention was made to modify the method disclosed in Sehr for the access controller 
to be a programmed microcontroller. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since Sehr suggests that various configurations are possible in order for this 
system to work in a secure manner in col. 16, lines 1-19. 
As per claims 19 and 20: 

Sehr and Houvener et al. substantially teach claim 13. Not explicitly disclosed is wherein 
the processing unit is a computer server or a rack mountable computer server. However, Sehr 
teaches that information is stored and retrieved from a database. Therefore, it would have been 
obvious to a person in the art at the time the invention was made to modify the method disclosed 
in Sehr for the database to be a database server or a rack mountable server. This modification 
would have been obvious because a person having ordinary skill in the art, at the time the 
invention was made, would have been motivated to do so since Sehr suggests that a database is 
essential in this system and that there are various possible configurations that may be 
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implemented in col. 19, lines 3-12. 
As per claim 26: 

Sehr and Houvener et al. substantially teach the control program of claim 21. 
Furthermore, Houvener et al. teach the control program on a carrier medium (par. 29). 

^References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

1. US Patent No. 6,654,797 

2. US Patent No. 6,260,111 

3. US Patent No. 5,809,140 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1. 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 



Nadia Khoshnoodi 
Examiner 
Art Unit 2137 
4/3/2006 
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